There is one wording error in section 5.2 - "i.e." should be "e.g." (for
example rather than that is). In the minutes of the IETF 46 meeting, this
same issue came up as "what is equivalent to PKCS-7 Authenticated
Attributes in the syntax". It was suggested that an example of this should
be included (presumably in the syntax draft), and none has been yet.
Since I was the one who suggested an example (passport check), here is
the ASN.1 for the CMS or PKCS-7 equivalent, neglecting DER sorting and
similar issues, and using a hybrid value notation to avoid separate
definitions for the types and data here:

    AuthenticatedAttributes ::= SET { PassportNumber, ChecksMade }

    PassportNumber ::= SEQUENCE {
        tempOID OBJECT IDENTIFIER { 0 3 8232 4127 20000214 1 },
        value SET {
            val1 SEQUENCE {
                country PrintableString "US",
                idnumber UTF8String "555"
            }
        }
    }

    ChecksMade ::= SEQUENCE {
        tempOID2 OBJECT IDENTIFIER { 0 3 8232 4127 20000214 2 },
        value2 SET {
            chks BIT STRING { picture(0) TRUE, gender(1) TRUE,
                              approxAge(2) TRUE, eyeColor(3) FALSE }
        }
    }

I hope the notation is fairly clear. The OID root is mine personally,
if anybody is curious. I think that we should have an XML equivalent in
the draft showing what a SignatureProperty element representing at least
one of these assertions would look like.
Tom Gindin
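
Added example, not part of the original message: a small Python encoder that produces the DER form of the two attributes above, including the details the message sets aside (SET OF members ordered by their encoding, trailing zero bits dropped from the named-bit BIT STRING). It assumes both SETs are SET OF as in a CMS Attribute; all helper names are hypothetical.

```python
# Added example (not from the original message): DER-encode the two attributes.

def tlv(tag: int, body: bytes) -> bytes:
    """Tag, DER definite length (short or long form), then the content octets."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def oid(*arcs: int) -> bytes:
    """OBJECT IDENTIFIER: arcs 1 and 2 share a subidentifier; all are base-128."""
    out = bytearray()
    for v in (arcs[0] * 40 + arcs[1],) + arcs[2:]:
        chunk = [v & 0x7F]
        while v > 0x7F:
            v >>= 7
            chunk.append(0x80 | (v & 0x7F))
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def named_bits(flags: list[bool]) -> bytes:
    """BIT STRING with named bits: DER removes trailing zero bits first."""
    bits = list(flags)
    while bits and not bits[-1]:
        bits.pop()
    unused = -len(bits) % 8
    value = sum(b << (len(bits) - 1 - i) for i, b in enumerate(bits)) << unused
    return tlv(0x03, bytes([unused]) + value.to_bytes((len(bits) + unused) // 8, "big"))

def sequence(*members: bytes) -> bytes:
    return tlv(0x30, b"".join(members))

def set_of(*members: bytes) -> bytes:
    """SET OF: DER orders the members by their encoded octets."""
    return tlv(0x31, b"".join(sorted(members)))

def authenticated_attributes() -> bytes:
    passport = sequence(
        oid(0, 3, 8232, 4127, 20000214, 1),
        set_of(sequence(tlv(0x13, b"US"), tlv(0x0C, b"555"))),  # PrintableString, UTF8String
    )
    checks = sequence(
        oid(0, 3, 8232, 4127, 20000214, 2),
        set_of(named_bits([True, True, True, False])),  # picture, gender, approxAge, eyeColor
    )
    return set_of(passport, checks)  # message order; DER sorting moves ChecksMade first
```

With these values DER places ChecksMade before PassportNumber, the reverse of the order written in the message.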